1 Tactics and Penetration Testing. Overview Tactics: A procedure or set of maneuvers engaged in to achieve an end, an aim, or a goal. Tactics Penetration.


1 Tactics and Penetration Testing

2 Overview
Tactics: A procedure or set of maneuvers engaged in to achieve an end, an aim, or a goal.
Tactics
Penetration testing
Methods
Guidelines

3 Tactics
Reconnaissance
Exploit
Communication
Command
Effect
Reserve
Implications

4 IW-Strategy: 4 Critical Issues
What must you defend?
–Mission of the organization
–Assets of the organization
What can you defend?
–Personnel limitations
–Information limitations
What is likely to be attacked?

5 IW-Strategy: 5 Reconnaissance
Extend view of the World
Finding the network: Lookup, DNS, Routes
Locating key hosts: Services, Public Nodes
Profiling: Role, OS, Age, Content, Relations, hosts vs. decoys
Points of Access: Initial and Follow-on
Points of Vulnerability: technical, procedure
Points of Exploit: Change State
Points of Effect: Channel, Target, Cover

6 Exploit
Methods by which to gain access or elevate privileges
System type: Service and OS
End goal: Impersonate, Intercept, Modify, Interrupt
Jump points: Local, Border, Remote
Methods: Vulnerability, Action, Reaction
Evidence: System, Defense, Network

7 Communication
Transfer of information on progress
Indicators: External evidence of progress
Waypoints: Phases of method
Signaling: Present, Ready, Beacon
Reporting: Success, Fail, Options
Transfer: Information, Code, Command

8 Command
Directing actions of hack
Manual vs. Automatic: interactive, shells
Command Channels: application, infrastructure
Encryption and encoding
Passive vs. Active
Intelligence: actions, options, productivity
Commanding Effects

9 Effect
Mechanism for advancing hack
Employ, Corrupt, Install, Reconfigure
Phased effects
Split effects
Delegation, Propagation, Relocation
Confusion
Reconnaissance
Plant the flag, Capture the flag

10 Reserve
Unused means of attack
Respond to defenses
Respond to detection
Branch points
Redundancy
Deception

11 Implications
Replicating attacks
Modifying attacks
Operational damage
Mission damage

12 Penetration Testing
Identify weakness
Inform response: Priority, Options, Effectiveness
Assess security performance
Communicate risk: “We think we’re really secure.”

13 Methods
Appropriate to goal
Within scenario
Deception
Bounded range
Bounded damage

14 Guidelines
Agreement on terms of penetration
Goal
Constraints
Liabilities
Indemnification
Success and Failure

15 Goal
Personnel Process Technology Service Readiness Exploration

16 Constraints
Where applied
When applied
Scenario
Resources: cost, effort, personnel, technology
Excluded methods

17 Liabilities
Technical instability
Personnel distraction
Financial dispersion
Public perception
Mission disruption

18 Indemnification
Authority Accountability Oversight and Decision Reporting Information handling Non-disclosure

